CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2021-20255 – openSUSE Security Advisory - openSUSE-SU-2021:2789-1
https://notcve.org/view.php?id=CVE-2021-20255
09 Mar 2021 — A stack overflow via an infinite recursion vulnerability was found in the eepro100 i8255x device emulator of QEMU. This issue occurs while processing controller commands due to a DMA reentry issue. This flaw allows a guest user or process to consume CPU cycles or crash the QEMU process on the host, resulting in a denial of service. The highest threat from this vulnerability is to system availability. Se encontró un desbordamiento de la pila por medio de una vulnerabilidad de recursividad infinita en el emul... • https://bugzilla.redhat.com/show_bug.cgi?id=1930646 • CWE-674: Uncontrolled Recursion CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVSS: 3.3EPSS: 0%CPEs: 1EXPL: 0CVE-2021-20263 – Gentoo Linux Security Advisory 202208-27
https://notcve.org/view.php?id=CVE-2021-20263
09 Mar 2021 — A flaw was found in the virtio-fs shared file system daemon (virtiofsd) of QEMU. The new 'xattrmap' option may cause the 'security.capability' xattr in the guest to not drop on file write, potentially leading to a modified, privileged executable in the guest. In rare circumstances, this flaw could be used by a malicious user to elevate their privileges within the guest. Se encontró un fallo en el demonio del sistema de archivos compartidos virtio-fs (virtiofsd) de QEMU. La nueva opción "xattrmap" puede... • https://bugzilla.redhat.com/show_bug.cgi?id=1933668 • CWE-281: Improper Preservation of Permissions •
CVSS: 6.0EPSS: 0%CPEs: 5EXPL: 0CVE-2021-20221 – qemu: out-of-bound heap buffer access via an interrupt ID field
https://notcve.org/view.php?id=CVE-2021-20221
01 Mar 2021 — An out-of-bounds heap buffer access issue was found in the ARM Generic Interrupt Controller emulator of QEMU up to and including qemu 4.2.0on aarch64 platform. The issue occurs because while writing an interrupt ID to the controller memory area, it is not masked to be 4 bits wide. It may lead to the said issue while updating controller state fields and their subsequent processing. A privileged guest user may use this flaw to crash the QEMU process on the host resulting in DoS scenario. Se encontró un proble... • http://www.openwall.com/lists/oss-security/2021/02/05/1 • CWE-125: Out-of-bounds Read CWE-787: Out-of-bounds Write •
CVSS: 3.2EPSS: 0%CPEs: 4EXPL: 1CVE-2021-20203 – Ubuntu Security Notice USN-5307-1
https://notcve.org/view.php?id=CVE-2021-20203
25 Feb 2021 — An integer overflow issue was found in the vmxnet3 NIC emulator of the QEMU for versions up to v5.2.0. It may occur if a guest was to supply invalid values for rx/tx queue size or other NIC parameters. A privileged guest user may use this flaw to crash the QEMU process on the host resulting in DoS scenario. Se encontró un problema de desbordamiento de enteros en el emulador de NIC vmxnet3 de QEMU para versiones hasta v5.2.0. Puede ocurrir si un invitado estaba suministrando valores no válidos para el t... • https://bugs.launchpad.net/qemu/+bug/1913873 • CWE-190: Integer Overflow or Wraparound •
CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0CVE-2021-20181 – QEMU Plan 9 File System Time-Of-Check Time-Of-Use Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2021-20181
08 Feb 2021 — A race condition flaw was found in the 9pfs server implementation of QEMU up to and including 5.2.0. This flaw allows a malicious 9p client to cause a use-after-free error, potentially escalating their privileges on the system. The highest threat from this vulnerability is to confidentiality, integrity as well as system availability. Se encontró un fallo de condición de carrera en la implementación del servidor 9pfs de QEMU versiones hasta 5.2.0 incluyéndola. Este fallo permite a un cliente 9p malicios... • https://bugzilla.redhat.com/show_bug.cgi?id=1927007 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition •
CVSS: 8.2EPSS: 0%CPEs: 1EXPL: 2CVE-2020-35517 – QEMU: virtiofsd: potential privileged host device access from guest
https://notcve.org/view.php?id=CVE-2020-35517
28 Jan 2021 — A flaw was found in qemu. A host privilege escalation issue was found in the virtio-fs shared file system daemon where a privileged guest user is able to create a device special file in the shared directory and use it to r/w access host devices. Se encontró un fallo en qemu. Se encontró un problema de escalada de privilegios del host en el demonio del sistema de archivos compartidos virtio-fs, donde un usuario invitado privilegiado puede crear un archivo especial de dispositivo en el directorio compart... • https://bugzilla.redhat.com/show_bug.cgi?id=1915823 • CWE-269: Improper Privilege Management •
CVSS: 3.9EPSS: 0%CPEs: 3EXPL: 0CVE-2020-29443 – QEMU: ide: atapi: OOB access while processing read commands
https://notcve.org/view.php?id=CVE-2020-29443
22 Jan 2021 — ide_atapi_cmd_reply_end in hw/ide/atapi.c in QEMU 5.1.0 allows out-of-bounds read access because a buffer index is not validated. La función ide_atapi_cmd_reply_end en el archivo hw/ide/atapi.c, en QEMU versión 5.1.0, permite un acceso de lectura fuera de límites porque un índice de búfer no está comprobado An out-of-bounds read-access flaw was found in the ATAPI Emulator of QEMU. This issue occurs while processing the ATAPI read command if the logical block address(LBA) is set to an invalid value. A guest ... • http://www.openwall.com/lists/oss-security/2021/01/18/2 • CWE-125: Out-of-bounds Read •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2019-20808
https://notcve.org/view.php?id=CVE-2019-20808
31 Dec 2020 — In QEMU 4.1.0, an out-of-bounds read flaw was found in the ATI VGA implementation. It occurs in the ati_cursor_define() routine while handling MMIO write operations through the ati_mm_write() callback. A malicious guest could abuse this flaw to crash the QEMU process, resulting in a denial of service. En QEMU versión 4.1.0, se encontró un fallo de lectura fuera de límites en la implementación VGA de ATI. Ocurre en la rutina ati_cursor_define() mientras maneja las operaciones de escritura MMIO mediante ... • https://bugzilla.redhat.com/show_bug.cgi?id=1841136 • CWE-125: Out-of-bounds Read •
CVSS: 3.8EPSS: 0%CPEs: 1EXPL: 0CVE-2020-11947 – QEMU: heap buffer overflow in iscsi_aio_ioctl_cb() in block/iscsi.c may lead to information disclosure
https://notcve.org/view.php?id=CVE-2020-11947
31 Dec 2020 — iscsi_aio_ioctl_cb in block/iscsi.c in QEMU 4.1.0 has a heap-based buffer over-read that may disclose unrelated information from process memory to an attacker. La función iscsi_aio_ioctl_cb en el archivo block/iscsi.c en QEMU 4.1.0, presenta una lectura excesiva del búfer en la región heap de la memoria que puede revelar información no relacionada de la memoria del proceso a un atacante. A heap buffer overflow flaw was found in the iSCSI support of QEMU. This flaw could lead to an out-of-bounds read access ... • http://www.openwall.com/lists/oss-security/2021/01/13/4 • CWE-122: Heap-based Buffer Overflow CWE-125: Out-of-bounds Read •
CVSS: 6.0EPSS: 0%CPEs: 2EXPL: 0CVE-2020-27821 – QEMU: heap buffer overflow in msix_table_mmio_write() in hw/pci/msix.c
https://notcve.org/view.php?id=CVE-2020-27821
08 Dec 2020 — A flaw was found in the memory management API of QEMU during the initialization of a memory region cache. This issue could lead to an out-of-bounds write access to the MSI-X table while performing MMIO operations. A guest user may abuse this flaw to crash the QEMU process on the host, resulting in a denial of service. This flaw affects QEMU versions prior to 5.2.0. Se encontró uno fallo en la API de administración de memoria de QEMU durante la inicialización de una caché de región de memoria. • http://www.openwall.com/lists/oss-security/2020/12/16/6 • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •